-rw-r--r-- | Makefile.am | 11 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 2 | ||||
-rw-r--r-- | src/responder/pam/pam_LOCAL_domain.c | 2 | ||||
-rw-r--r-- | src/util/crypto/libcrypto/crypto_sha512crypt.c (renamed from src/util/crypto_sha512crypt.c) | 1 | ||||
-rw-r--r-- | src/util/crypto/nss/nss_sha512crypt.c (renamed from src/util/nss_sha512crypt.c) | 49 | ||||
-rw-r--r-- | src/util/crypto/nss/nss_util.c | 74 | ||||
-rw-r--r-- | src/util/crypto/nss/nss_util.h | 27 | ||||
-rw-r--r-- | src/util/crypto/sss_crypto.h (renamed from src/util/sha512crypt.h) | 0 |
8 files changed, 119 insertions, 47 deletions
diff --git a/Makefile.am b/Makefile.am index 4d8467c68..b0e04b5d5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -117,11 +117,12 @@ noinst_LTLIBRARIES = \ libsss_crypt.la if HAVE_NSS - SSS_CRYPT_SOURCES = src/util/nss_sha512crypt.c + SSS_CRYPT_SOURCES = src/util/crypto/nss/nss_sha512crypt.c \ + src/util/crypto/nss/nss_util.c SSS_CRYPT_CFLAGS = $(NSS_CFLAGS) SSS_CRYPT_LIBS = $(NSS_LIBS) else - SSS_CRYPT_SOURCES = src/util/crypto_sha512crypt.c + SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_sha512crypt.c SSS_CRYPT_CFLAGS = $(CRYPTO_CFLAGS) SSS_CRYPT_LIBS = $(CRYPTO_LIBS) endif @@ -296,7 +297,7 @@ endif dist_noinst_HEADERS = \ src/monitor/monitor.h \ - src/util/sha512crypt.h \ + src/util/crypto/sss_crypto.h \ src/util/dlinklist.h \ src/util/util.h \ src/util/strtonum.h \ @@ -350,6 +351,10 @@ dist_noinst_HEADERS = \ src/resolv/ares/ares_data.h \ src/tests/common.h +if HAVE_NSS + dist_noinst_HEADERS += src/util/crypto/nss/nss_util.h +endif + #################### # Program Binaries # diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index d86c35d6c..017f8ebce 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -21,7 +21,7 @@ #include "util/util.h" #include "db/sysdb_private.h" -#include "util/sha512crypt.h" +#include "util/crypto/sss_crypto.h" #include <time.h> static int add_string(struct ldb_message *msg, int flags, diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c index d6c532e01..0df9499dd 100644 --- a/src/responder/pam/pam_LOCAL_domain.c +++ b/src/responder/pam/pam_LOCAL_domain.c @@ -24,7 +24,7 @@ #include "util/util.h" #include "db/sysdb.h" -#include "util/sha512crypt.h" +#include "util/crypto/sss_crypto.h" #include "providers/data_provider.h" #include "responder/pam/pamsrv.h" diff --git a/src/util/crypto_sha512crypt.c b/src/util/crypto/libcrypto/crypto_sha512crypt.c index 9cd03a1e1..29900cc9c 100644 --- a/src/util/crypto_sha512crypt.c +++ b/src/util/crypto/libcrypto/crypto_sha512crypt.c 
@@ -379,4 +379,3 @@ int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt) return EOK; } - diff --git a/src/util/nss_sha512crypt.c b/src/util/crypto/nss/nss_sha512crypt.c index 8ba16d4aa..514e4d9a3 100644 --- a/src/util/nss_sha512crypt.c +++ b/src/util/crypto/nss/nss_sha512crypt.c @@ -21,41 +21,13 @@ #include <sys/types.h> #include "util/util.h" +#include "util/crypto/nss/nss_util.h" #include <prinit.h> #include <nss.h> #include <sechash.h> #include <pk11func.h> -static int nspr_nss_init_done = 0; - -static int nspr_nss_init(void) -{ - int ret; - PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); - ret = NSS_NoDB_Init(NULL); - if (ret != SECSuccess) { - return ret; - } - nspr_nss_init_done = 1; - return 0; -} - -/* added for completness, so far not used */ -#if 0 -static int nspr_nss_cleanup(void) -{ - int ret; - ret = NSS_Shutdown(); - if (ret != SECSuccess) { - return ret; - } - PR_Cleanup(); - nspr_nss_init_done = 0; - return 0; -} -#endif - /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ const char sha512_salt_prefix[] = "$6$"; #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) @@ -153,12 +125,10 @@ static int sha512_crypt_r(const char *key, salt = copied_salt = memcpy(tmp + ALIGN64 - PTR_2_INT(tmp) % ALIGN64, salt, salt_len); } - if (!nspr_nss_init_done) { - ret = nspr_nss_init(); - if (ret != SECSuccess) { - ret = EIO; - goto done; - } + ret = nspr_nss_init(); + if (ret != EOK) { + ret = EIO; + goto done; } ctx = HASH_Create(HASH_AlgSHA512); @@ -387,11 +357,9 @@ int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt) size_t slen; int ret; - if (!nspr_nss_init_done) { - ret = nspr_nss_init(); - if (ret != SECSuccess) { - return EIO; - } + ret = nspr_nss_init(); + if (ret != EOK) { + return EIO; } salt = talloc_size(memctx, SALT_LEN_MAX + 1); @@ -416,4 +384,3 @@ int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt) return EOK; } - 
diff --git a/src/util/crypto/nss/nss_util.c b/src/util/crypto/nss/nss_util.c
new file mode 100644
index 000000000..59390eb96
--- /dev/null
+++ b/src/util/crypto/nss/nss_util.c
@@ -0,0 +1,74 @@
+/*
+ SSSD
+
+ NSS crypto wrappers
+
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) Red Hat, Inc 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+
+#include <prinit.h>
+#include <prerror.h>
+#include <nss.h>
+#include <pk11func.h>
+
+#include "util/util.h"
+
+static int nspr_nss_init_done = 0;
+
+int nspr_nss_init(void)
+{
+ SECStatus sret;
+
+ /* nothing to do */
+ if (nspr_nss_init_done == 1) return SECSuccess;
+
+ PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+
+ sret = NSS_NoDB_Init(NULL);
+ if (sret != SECSuccess) {
+ DEBUG(1, ("Error initializing connection to NSS [%d]\n",
+ PR_GetError()));
+ return EIO;
+ }
+
+ nspr_nss_init_done = 1;
+ return EOK;
+}
+
+int nspr_nss_cleanup(void)
+{
+ SECStatus sret;
+
+ /* nothing to do */
+ if (nspr_nss_init_done == 0) return SECSuccess;
+
+ sret = NSS_Shutdown();
+ if (sret != SECSuccess) {
+ DEBUG(1, ("Error shutting down connection to NSS [%d]\n",
+ PR_GetError()));
+ return EIO;
+ }
+
+ PR_Cleanup();
+ nspr_nss_init_done = 0;
+ return EOK;
+}
diff --git a/src/util/crypto/nss/nss_util.h b/src/util/crypto/nss/nss_util.h
new file mode 100644
index 000000000..7387b9a7e
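Review bot: The already-initialized fast path in `nspr_nss_init()` returns `SECSuccess` while every other path returns `EOK` or `EIO`, and `nspr_nss_cleanup()` has the same mix. The callers in nss_sha512crypt.c now test `ret != EOK`, so this is correct only while the two constants share a value. Both early returns should use the errno-style code, e.g. `if (nspr_nss_init_done == 1) return EOK;`. Separately, `nspr_nss_init_done` is a plain static int that is checked and set without locking, so if these helpers can be reached from more than one thread, two first calls could both run `NSS_NoDB_Init()`. If single-threaded use is the assumption, a comment saying so next to the flag would help.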
--- /dev/null
+++ b/src/util/crypto/nss/nss_util.h
@@ -0,0 +1,27 @@
+/*
+ SSSD
+
+ NSS crypto wrappers
+
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) Red Hat, Inc 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+int nspr_nss_init(void);
+int nspr_nss_cleanup(void);
diff --git a/src/util/sha512crypt.h b/src/util/crypto/sss_crypto.h
index 5512c5d96..5512c5d96 100644
--- a/src/util/sha512crypt.h
+++ b/src/util/crypto/sss_crypto.h |
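Review bot: The new header has no include guard and does not document what the two functions return, although callers now depend on the `EOK`/`EIO` convention. Wrap the declarations in a guard (for example `#ifndef SSS_NSS_UTIL_H` / `#define SSS_NSS_UTIL_H` / `#endif`; the macro name is only a suggestion) and add a comment above `nspr_nss_init` such as `/* Returns EOK on success or when already initialized, EIO if NSS_NoDB_Init() fails. */`. It is also worth stating there that nothing visible in this change calls `nspr_nss_cleanup()`, so NSS presumably stays initialized for the life of the process.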